Hot topics

Security researcher says: "VPNs on iOS are broken" – and Apple knows

Apple VPN service shutterstock 2084082865
© FellowNeko/Shutterstock

Read in other languages:

According to security researcher Michael Horowitz "VPNs (virtual private networks) on iOS are a scam". And worse than that, Apple has known about it for at least two years. Read on to understand what the implications of this are for you as an iPhone-User.


TL;DR

  • A security researcher has been analyzing Apple's VPN service since May 2022.
  • At first, VPNs on iOS work properly, but long-term use of the service has proven flawed.
  • This is a data leak, and the first mention of this problem was made by ProtonVPN in March 2020.
  • As a consequence, those who rely on VPN services on iOS would supposedly be exposed, as there is no way to ensure that data is actually being sent over a secured network.

In an ongoing post on his blog, Horowitz has been studying Apple's VPN service since May 2022. He confirmed the problems involving these services using various types of VPNs and software from several VPN providers. The latest version of iOS he used him was v15.6. However, this same data leak has been known since March 2020, when ProtonVPN first made the problems public.

Normally, when a user connects to a VPN, the operating system closes all existing Internet connections and then re-establishes them through the VPN tunnel. In general terms, a VPN encrypts your data and redirects it through one or more servers. As you can read in our guide on VPNs, it usually is a good way to browse the web anonymously. To ensure your privacy, all data should be routed through the secured connection. 

As mentioned by my colleague Rubens Eishima in our VPN comparison, this type of service is used to bypass censorship systems of governments, totalitarian or not, or even geo-restricted resources, such as those applied by content providers in the form of streaming services.

So what exactly is iOS doing wrong while establishing VPN-connections? Horowitz states, that connections work properly at first, i.e. the iPhone or iPad gets a new public IP address and new DNS servers and the data is sent to the VPN server. However, over time, close inspection of the data coming out of these iOS devices has shown that the VPN tunnel leaks. Which means we have a data leak and therefore a breach of your privacy.

In response to ProtonVPN, Apple indicated that it would add the Kill Switch feature to a future iOS update (at the time running version 13). This would allow developers to block all existing connections if a VPN-connection is lost. However, it is clear from Horowitz's survey results that this either didn't happen or doesn't work as of now.

Finally, ProtonVPN suggests that enabling the VPN and then turning the device's Airplane mode on and off to force all network traffic to be re-established through the VPN tunnel could work as a solution to the problem. However, the security firm admits that this is not foolproof.

For Horowitz this should not be considered a solution, given that Airplane mode is not reliable in itself. As of this writing, Apple has not yet commented on the matter.

Personally, I do not use a VPN on my iPhone. However, Horowitz's statements are a big wake-up call for activists who are entrusting their privacy and anonymity to these types of services in combination with Apple's iOS. Furthermore, people who use VPNs on iOS to explore streaming services in other regions could likely have their accounts banned as a consequence of possible data leakage.

Do you use any kind of VPN on your iPhone or iPad? How do you view the security researcher's claims? Share your opinion in the comments section below.

Via: 9to5mac Source: Michael Horowitz

  nextpit recommendation Price tip Luxury version with handle Price tip with handle For Garmin fans Mid-range tip
Product
Image Withings Body Smart Product Image Renpho Smart Body Fat Scale Product Image Withings Body Scan Product Image Lepulse Lescale P1 Product Image Garmin Index S2 Smart Scale Product Image eufy Smart Scale P3 Product Image
Deals*
nextpit receives a commission for purchases made via the marked links. This has no influence on the editorial content and there are no costs for you. You can find out more about how we make money on our transparency page.
Go to comment (3)
Camila Rinaldi

Camila Rinaldi
Head of Editorial

With over a decade of experience in tech product reviews, I’ve recently embraced the world of wearables and developed a passion for digital health innovations. While I am now deeply immersed in the Apple ecosystem, my enthusiasm for Android still burns strong. Formerly editor-in-chief at AndroidPIT and Canaltech in Brazil, I now share my insights with the US audience at nextpit. Beyond tech, I cherish my vinyl collection and believe exploring local cuisine is the best way to discover new places. Join me as I explore the fusion of technology and culture in our everyday lives.

To the author profile
Liked this article? Share now!
Recommended articles
Latest articles
Push notification Next article
3 comments
Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing

  • George Kim 5
    George Kim Aug 19, 2022 Link to comment

    Is this the case with every single provider in the market? Such as Nord, Surfshark, Ivacy VPN and etc?


    • Camila Rinaldi 67
      Camila Rinaldi
      • Admin
      • Staff
      Aug 19, 2022 Link to comment

      Yes. It’s related to third-party apps as well.


  • 49
    storm Aug 18, 2022 Link to comment

    Open source code review has strong advantages and better security. The idea that Apple Os of any flavor was more secure was only a marketing claim and very suspect in the tech community.

Write new comment:
All changes will be saved. No drafts are saved when editing